>>1328
While I think this is good, for memorization, I use 25-40 character random ascii passwords using /dev/urandom or
passgen.sh. I write these down in a notebook that I keep in a small safe in my computer room/ study. I
also add random characters inserted into the computer generated password. Some of these passwords are memorized
and not written down anywhere. For example the codes I use for user login and for cryptsetup and gpg are
memorized, while the codes for github, protonmail, and other online services are written down in a notebook that I keep in a safe. I use different passwords for every distinct online service.
Ultimately I would want a system as follows: 2 factor authentication,
Factor 1 would be a 20-30 character
memorized passphrase number combination as mentioned above in
>>1328 or using random memorized ASCII like I currently do.
Factor 2 would be a 3.5" floppy disk with 1.44MB of random ASCII characters generated using OpenBSD on a Sun Sparc or DEC Alpha air-gap computer, with read only permissions and a hash, and the write protect toggle on. You would boot
your computer using both the disk key with the non-guessable ,random passphrase and with the memorized code.
You would keep the key in a safe in your study when not in use or on your person 24/7. Preferably you would
need both keys to open the encrypted computer. The memorized passphrase would allow you to boot to the point
where you need another key to decrypt the entire volume. This second stage uses a non dictionary, anti-brute
force password consisting of 1.44MB of random ASCII, that can't be guessed or memorized, stored on a floppy disk
for rapid destruction by neodymium magnet, mechanical shredding, and burning with a lighter. Once the volume is unlocked the computer should instruct you to remove the disk from the drive and stow it away, so that the OS never gets to or has the chance to read the contents of the disk once authenticated.
Message too long. Click here to view full text.
